From 91d38d59b42ee77346b0d33315f403d8fa678576 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 17 Jul 2017 10:25:02 +0200 Subject: update MOA SAML2 metadata provider to support metadata located on file system
---
 .../validation/oa/OAPVP2ConfigValidation.java | 105 +++++++++++---------- 1 file changed, 54 insertions(+), 51 deletions(-) (limited to 'id/ConfigWebTool/src/main')
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
index 61a380188..79e7e9252 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
@@ -111,81 +111,84 @@ public class OAPVP2ConfigValidation {
 log.info("MetaDataURL has no valid form.");
 errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.valid", request));
- } else {
-
+ } else {
 if (certSerialized == null) {
 log.info("No certificate for metadata validation");
 errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound", request));
- } else {
-
- X509Certificate cert = new X509Certificate(certSerialized);
- BasicX509Credential credential = new BasicX509Credential();
- credential.setEntityCertificate(cert);
+ } else {
+ if (form.getMetaDataURL().startsWith("http")) {
+ X509Certificate cert = new X509Certificate(certSerialized);
+ BasicX509Credential credential = new BasicX509Credential();
+ credential.setEntityCertificate(cert);
- timer = new Timer();
- httpClient = new MOAHttpClient();
+ timer = new Timer();
+ httpClient = new MOAHttpClient();
- if (form.getMetaDataURL().startsWith("https:"))
- try {
- MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
- "MOAMetaDataProvider",
- ConfigurationProvider.getInstance().getCertStoreDirectory(),
- ConfigurationProvider.getInstance().getTrustStoreDirectory(),
- null,
- "pkix",
- true,
- new String[]{"crl"},
- false);
+ if (form.getMetaDataURL().startsWith("https:"))
+ try {
+ MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
+ "MOAMetaDataProvider",
+ ConfigurationProvider.getInstance().getCertStoreDirectory(),
+ ConfigurationProvider.getInstance().getTrustStoreDirectory(),
+ null,
+ "pkix",
+ true,
+ new String[]{"crl"},
+ false);
- httpClient.setCustomSSLTrustStore(
- form.getMetaDataURL(),
- protoSocketFactory);
+ httpClient.setCustomSSLTrustStore(
+ form.getMetaDataURL(),
+ protoSocketFactory);
- } catch (MOAHttpProtocolSocketFactoryException e) {
- log.warn("MOA SSL-TrustStore can not initialized. 
Use default Java TrustStore.", e);
+ } catch (MOAHttpProtocolSocketFactoryException e) {
+ log.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e);
- } catch (ConfigurationException e) {
- log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore.", e);
+ } catch (ConfigurationException e) {
+ log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore.", e);
- }
+ }
- List filterList = new ArrayList();
- filterList.add(new MetaDataVerificationFilter(credential));
+ List filterList = new ArrayList();
+ filterList.add(new MetaDataVerificationFilter(credential));
- try {
- filterList.add(new SchemaValidationFilter(
- ConfigurationProvider.getInstance().isPVPMetadataSchemaValidationActive()));
+ try {
+ filterList.add(new SchemaValidationFilter(
+ ConfigurationProvider.getInstance().isPVPMetadataSchemaValidationActive()));
- } catch (ConfigurationException e) {
- log.warn("Configuration access FAILED!", e);
+ } catch (ConfigurationException e) {
+ log.warn("Configuration access FAILED!", e);
- }
+ }
+
+ MetadataFilterChain filter = new MetadataFilterChain();
+ filter.setFilters(filterList);
- MetadataFilterChain filter = new MetadataFilterChain();
- filter.setFilters(filterList);
+ httpProvider =
+ new HTTPMetadataProvider(timer, httpClient, form.getMetaDataURL());
+ httpProvider.setParserPool(new BasicParserPool());
+ httpProvider.setRequireValidMetadata(true);
+ httpProvider.setMetadataFilter(filter);
+ httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes
+ httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
- httpProvider =
- new HTTPMetadataProvider(timer, httpClient, form.getMetaDataURL());
- httpProvider.setParserPool(new BasicParserPool());
- httpProvider.setRequireValidMetadata(true);
- httpProvider.setMetadataFilter(filter);
- httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes
- httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
+ 
httpProvider.setRequireValidMetadata(true);
- httpProvider.setRequireValidMetadata(true);
+ httpProvider.initialize();
- httpProvider.initialize();
+ if (httpProvider.getMetadata() == null) {
+ log.info("Metadata could be received but validation FAILED.");
+ errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.validation", request));
+ }
- if (httpProvider.getMetadata() == null) {
- log.info("Metadata could be received but validation FAILED.");
- errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.validation", request));
+ } else {
+ log.info("Metadata load validation skipped, because it's no http(s) metadata: " + form.getMetaDataURL());
+ }
- }
 }
 }
-- cgit v1.2.3
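Review bot: The new `else` branch at the end of the hunk accepts any non-http(s) metadata location without any of the checks the http(s) path performs: the uploaded certificate is never parsed, no MetaDataVerificationFilter or SchemaValidationFilter is applied, and nothing confirms that the referenced file exists, so a mistyped path or a metadata file that is not signed by the configured certificate is saved silently and only fails later at runtime. Moving `X509Certificate cert = new X509Certificate(certSerialized);` above `if (form.getMetaDataURL().startsWith("http")) {` keeps at least the certificate check for file-based metadata; if the runtime side loads file metadata through OpenSAML, the same filter chain could presumably be applied through a filesystem-backed metadata provider in this branch as well — confirm against the provider change the commit subject refers to. `startsWith("http")` is also a loose test (case-sensitive, and it matches any scheme that merely begins with those letters, while the inner check already uses `"https:"`); `form.getMetaDataURL().startsWith("http://") || form.getMetaDataURL().startsWith("https://")` states the intent, and the "validation skipped" log line could say what kind of location is assumed instead so an operator can tell a typo from an intended file path. The enclosing method starts before the hunk and continues past it.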